Peng Du gnepud

  • Grenoble, France
@rafaelp
rafaelp / gist:1976687
Created March 5, 2012 04:55
A solution to a more obscure problem related to the "vulnerability" of mass assignment:
# account.rb
class Account < ActiveRecord::Base
has_many :users
has_many :services
end
# user.rb
class User < ActiveRecord::Base
belongs_to :account
end
class PostsController < ActionController::Base
def create
Post.create(post_params)
end
def update
Post.find(params[:id]).update_attributes!(post_params)
end
private

Proposal for Improving Mass Assignment

For a while, I have felt that the following is the correct way to improve the mass assignment problem without increasing the burden on new users. Now that the problem with the Rails default has been brought up again, it's a good time to revisit it.

Sign Allowed Fields

When creating a form with form_for, include a signed token including all of the fields that were created at form creation time. Only these fields are allowed.

To allow new known fields to be added via JS, we could add:

@sethbro
sethbro / spec_helper.rb
Created February 10, 2012 01:09
Rails unit, functional and integration tests in Minitest spec format.
ENV["RAILS_ENV"] = "test"
require File.expand_path('../../config/environment', __FILE__)
require 'rubygems'
gem 'minitest'
require 'minitest/autorun'
require 'action_controller/test_case'
require 'miniskirt'
require 'capybara/rails'
@nathankleyn
nathankleyn / gist_11_functional_ruby.rb
Created February 6, 2012 11:51
Gist #11 For "Functional Programming Techniques With Ruby: Part I"
class CssBlock
attr_reader :selector, :properties
def initialize(selector, properties = {})
@selector = selector.dup.freeze
@properties = properties.dup.freeze
end
def set(key, value = nil)
new_properties = if key.is_a?(Hash)
@victorquinn
victorquinn / ipad-view-source-bookmarklet
Created January 30, 2012 22:35 — forked from robflaherty/ipad-view-source-bookmarklet
iPad View Source Bookmarklet
javascript:(function(){
/* Bookmarklet for viewing source in iPad Safari */
var pageHTML = document.documentElement.innerHTML;
var otherlib = false;
var jQueryLoaded = false;
document.documentElement.innerHTML = '<!DOCTYPE html><html><head><title>Source of ' + location.href + '</title><meta name="viewport" content="width=device-width" /></head><body><div id="editor" style="height:' + window.innerHeight + 'px;width:' + window.innerWidth + 'px;"></div></body></html>';
/* Load jQuery */
if(typeof jQuery != 'undefined') {
console.log('This page already using jQuery v' + jQuery.fn.jquery);
@melanke
melanke / README.md
Created January 17, 2012 17:32 — forked from eligrey/object-watch.js
watch the changes of some object or attribute
@sethbro
sethbro / test_helper.rb
Created January 13, 2012 18:19
MiniTest::Spec with Rails setup
ENV["RAILS_ENV"] = "test"
require File.expand_path('../../config/environment', __FILE__)
require 'rails/test_help'
require 'minitest/autorun'
require 'minitest/pride'
require 'capybara/rails'
class MiniTest::Spec
include ActiveSupport::Testing::SetupAndTeardown
@ryanb
ryanb / index.js.erb
Created December 16, 2011 23:22
Infinite scrolling solution covered in revised episode #114: http://railscasts.com/episodes/114-endless-page-revised
$('#products').append('<%= j render(@products) %>');
<% if @products.next_page %>
$('.pagination').replaceWith('<%= j will_paginate(@products) %>');
<% else %>
$('.pagination').remove();
<% end %>
@dx7
dx7 / gist:1333785
Created November 2, 2011 14:33
Installing ruby-debug with ruby-1.9.3-p0
### UPDATE: ruby-debug19 is no longer maintained, use https://github.com/cldwalker/debugger
# Install with:
# bash < <(curl -L https://raw.github.com/gist/1333785)
#
# Reference: http://blog.wyeworks.com/2011/11/1/ruby-1-9-3-and-ruby-debug
echo "Installing ruby-debug with ruby-1.9.3-p0 ..."
curl -OL http://rubyforge.org/frs/download.php/75414/linecache19-0.5.13.gem